Windows

Comodo-Affiliated Product Compromises Your Web Security

V
  • Vlad Tiganasu,
  • 8 years ago
  • Editor Informer Technologies, Inc.

Comodo-Affiliated Product Compromises Your Web Security Comodo-Affiliated Product Compromises Your Web Security

I'm pretty sure you've heard about the malware called Superfish, which apparently came pre-installed on Lenovo laptops (probably as a free bonus from the company). It doesn't sound very good when a computer manufacturer gets called out on such a big security breach, but how about when it happens to companies and products which are supposed to be focused on PC and Internet security. When the guys who make a living out or protecting your system end up making your PC even more vulnerable than it was before, there isn't much of an excuse that you can find for them.

Comodo is a big international company which, among other products, also develops Comodo Firewall and Comodo Internet Security. PrivDog is a Web security application with strong ties to Comodo. The app is designed to you keep safe from malicious advertisements while you're browsing the web. Basically, what the tool does is it takes the potentially threatening ads and replaces them with secure ones. According to its promo, this way everybody wins: consumers, publishers and advertisers alike.

However, the developers of the application made one small oversight: PrivDog doesn't correctly verify the security certificates that it receives from the websites. As far as I know, even the most basic browser wouldn't make such a huge security error. To put things in simpler terms, if a hacker would intercept the data that travels from your computer to any website (let's say a bank), and then send you back data that originated from his computer, PrivDog will accept it without even realizing that it's coming from an outside source and not the bank that you were trying to connect to. Basically, this vulnerability made you a sure target for any kind of man-in-the-middle attack.

There is one more detail that makes things even more interesting. In most of the cases, PrivDog comes bundled with several Comodo products, such as Internet Security, Chromodo, Dragon and IceDragon (the last three are browsers), but all these applications use a different version of PrivDog which doesn't have this vulnerability.

According to an official statement from the company, this "potential issue" only exists in versions 3.0.96.0 and 3.0.97.0 of PrivDog, versions which have never been distributed by Comodo. A patch that fixes the problem is already available here.

Author's other posts

How to make your Mac kid-friendly?
Article
How to make your Mac kid-friendly?
A few tips on how to ensure your kids' safety while they're using Macs as well as on how to keep the machine safe from your children.
Samsung's next Galaxy phone is already up for reservations
News
Samsung's next Galaxy phone is already up for reservations
Even though Samsung hasn't announced the price of the upcoming Galaxy phone or its technical specifications, we can already make reservations and be among the first to receive it.
Find out which Android phones will be able to run Fortnite
News
Find out which Android phones will be able to run Fortnite
Curious to see if you'll be able to play the Android version of Fortnite on your phone? Here's the complete list of supported devices.
Mac security tricks
Article
Mac security tricks
If you don't have a lot of experience in using your Mac, here are a few tips that could keep your machine safe from various threats.